Hands-on Exploitation Certification Flashcards
What is an open redirect?
An open redirect happens when the web application takes untrusted input and redirects a user from the web application to an untrusted site or resource that will be used further for malicious purposes.
What is the threat level of an open redirect?
Low
What does XSS stand for?
Cross-site scripting
What should you be looking for to evaluate for XSS?
Anywhere you can inject an input
What type of threat is the following?
Www.meow.com/?name=<meowscript>alert(one)</meowscript>
XSS
What is stored XSS?
Stored XSS is when the script is stored in the application database, for instance through a comment section. If you are able to set an alert as a script there, then everyone who visits would get the alert.
What is Blind XSS?
Blind XSS is where the payload is fired on an internal system that is only accessed by employees.
What language are XSS payloads written in?
JavaScript
What common method/function is used to test for the existence of XSS?
alert
What type of XSS can achieve persistence on an app?
Stored
For what type of XSS do you receive no immediate feedback on whether it has worked or not?
Blind
In more modern Chrome browsers alert() may not work in iframe payloads. What method can you use instead?
print()
What is Reflected XSS?
Reflected XSS is where the malicious script comes from the current HTTP request.
What is DOM-based XSS?
DOM-based XSS is where the vulnerability exists in client-side code rather than server-side code.
What are six things XSS can be used for?
- Impersonate or masquerade as the victim user.
- Carry out any action that the user is able to perform.
- Read any data that the user is able to access.
- Capture the user’s login credentials.
- Perform virtual defacement of the web site.
- Inject trojan functionality into the web site.